Beware of a New Breed of Scammers Pretending To Be Netflix Tech Support

Netflix subscribers beware: There’s a scheme floating around the Internet that you should watch out for. If you’re not careful, you could end up about $400 poorer and with a stolen identity.

It works like this: A group of scammers purporting to be Netflix tech support sends you a phony email. It sends you to a fake Netflix login page, sets a phony notice that your account has been suspended and then persuades you to call a support service to get it back. Once they have you on the phone with fake tech support, they persuade you to download software that allows them to crawl through your computer and snap up anything of interest.

When it’s all over, they’ll send you a bill and run away with any good data they can find.

It’s a common scheme, which affects numerous other websites and services. But this particular instance provides a rare step-by-step glimpse into the particulars of the con.

The scheme was discovered and documented in the YouTube video below by Malwarebytes Unpacked cybersecurity writer Jérôme Segura.

It all starts when you think you’re logging into your Netflix account, based on the fake email from Netflix. You can enter whatever incorrect login information you want. No matter what, it’ll bring you to a page that says your account was suspended for unauthorized use and ask you to call an 800 number on the screen.

When Segura did that, the person who answered posed as a Netflix support specialist and asked him to download a program to help with the problem. In reality, it was a remote-control software called TeamViewer, which allows third parties to access computer systems remotely.

As soon as the guy on the phone got access to the system, he told Segura he’d been hacked. This a tactic to instill fear in the target and then gain trust, Segura told Wired UK. In other words, the more threatened you feel by a larger, uncontrollable force that’s overtaken your computer, the more likely you are to hand over money or personal information to some random person you just met over the phone.

The person on the phone demonstrated the security breach by bringing up a “Foreign IP Tracer” to demonstrate hacker activity from nefarious countries. In reality, that’s just a common Windows batch script meant to confuse you.

After that, the scammer switched over to a “Microsoft certified technician.” This doesn’t actually make any sense when you think about it — wasn’t the problem with Netflix? — but maybe they’re counting on your guard being down after just discovering you’ve been hacked. During this process, the scammers combed Segura’s computer for any files that might prove lucrative — banking info, personal identification documents and so on.

Then, after picking apart his personal documents, they sent him a bill for the “maintenance” they’d performed. The total came to $389.97. But don’t worry, they assured Segura, you’ll get a $50 Netflix discount! (The coupon is fake, natch.)

Finally, they asked Segura to photograph his credit card with his webcam to confirm the payment. As soon as they realized that Segura’s computer camera was disabled, they ended the call.

But then you think about a late evening where you’ve had a glass or two of wine and turn to Netflix for entertainment. All of a sudden there’s a problem and someone shows up to fix it. You just want to get back to House of Cards, so you agree to whatever this “expert” tells you. And before you know it, your identity is stolen.